Tcpflow

From ForensicsWiki
Revision as of 14:49, 4 August 2008 by .FUF (Talk | contribs)

tcpflow
Maintainer: Jeremy Elson
OS: Linux
Genre: Network forensics
License: GPL
Website: www.circlemud.org/~jelson/software/tcpflow/

tcpflow is a tool that captures data transmitted as part of TCP connections, and stores the data in a way that is convenient for protocol analysis, keyword searching, etc.

Overview

tcpflow stores all captured data in files that have names of the form

128.129.130.131.02345-010.011.012.013.45103

where the contents of the above file would be the data transmitted from host 128.129.130.131 port 2345 to host 10.11.12.13 port 45103 (each octet is zero-padded to three digits and each port to five).
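As an added example (not part of the original page or of tcpflow itself), a small Python parser for this file-name format that also pairs the two files belonging to one TCP connection; the function and class names are hypothetical:

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Hypothetical parser for tcpflow output file names (added example).
# tcpflow names each file  SRCIP.SRCPORT-DSTIP.DSTPORT  with every octet
# zero-padded to three digits and every port zero-padded to five digits.
_FLOW_RE = re.compile(
    r"^(\d{3})\.(\d{3})\.(\d{3})\.(\d{3})\.(\d{5})"
    r"-(\d{3})\.(\d{3})\.(\d{3})\.(\d{3})\.(\d{5})$"
)


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_flow_name(name: str) -> Optional[Flow]:
    """Return the endpoints encoded in a tcpflow file name, or None when the
    name does not match the format (e.g. a stray file in the output directory)
    or encodes an impossible octet or port."""
    m = _FLOW_RE.match(name)
    if not m:
        return None
    g = m.groups()
    octets = [int(x) for x in g[:4] + g[5:9]]
    if any(o > 255 for o in octets):
        return None
    src_port, dst_port = int(g[4]), int(g[9])
    if src_port > 65535 or dst_port > 65535:
        return None
    src_ip = ".".join(str(o) for o in octets[:4])   # drop the zero padding
    dst_ip = ".".join(str(o) for o in octets[4:])
    return Flow(src_ip, src_port, dst_ip, dst_port)


def group_by_connection(names: Iterable[str]) -> Dict[Tuple, List[str]]:
    """Group file names into TCP connections: the A->B and B->A files of one
    session share a key, so both directions can be examined together."""
    conns: Dict[Tuple, List[str]] = {}
    for name in names:
        flow = parse_flow_name(name)
        if flow is None:
            continue  # skip anything that is not a tcpflow output file
        ends = [(flow.src_ip, flow.src_port), (flow.dst_ip, flow.dst_port)]
        key = tuple(sorted(ends))  # direction-independent connection key
        conns.setdefault(key, []).append(name)
    return conns
```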

Limitations

tcpflow does not understand IP fragments.